Thursday, January 27, 2011

Exchange 2010 SP2 is expected to be released by Microsoft in the second half of 2011. With the release of SP2, the way GAL segmentation works will change.

GAL segmentation allowed administrators to optimize address lists in large companies, creating smaller 'virtual' organizations, with users only able to see the users they need to see.

In previous versions of Exchange, GAL segmentation was ACL-based, relying on a permission structure.

With Exchange 2010 SP2 GAL Segmentation will be delivered using an "Address Book Policy" assignment model.

Microsoft's intended audiences for this feature are organizations that:

- Require some form of sub-divided address book or who wish to create several 'virtual' organizations within a single Exchange Organization.
- Enable users to share some resources between these segmented user populations.
- Seek to control which objects are visible to a user when they open their address book picker.

I will post more information on the new GAL Segmentation feature when given the thumbs up from Microsoft.

    'Run the functions if the user is a member of the group
    Set oGroup = GetObject("WinNT://kbomb.local/" & "Domain Admins")
    For Each oMember In oGroup.Members
        If LCase(oMember.Name) = LCase(UserLoggedIn) Then
            RunRegModifications()
            RunFileModifications()
        End If
    Next

Wednesday, January 26, 2011

It is supported to install Outlook 2007 on the same computer on which you have installed Exchange 2007.

Why install Outlook on the Exchange server?

In Exchange 2007 (RTM, SP1, SP2 and SP3) and Exchange 2010 RTM, Outlook was a requirement for the PowerShell cmdlets that import from and export to PST files, as they used APIs from Outlook to perform these operations.

In Exchange 2010 SP1, Outlook is no longer a requirement to use the import/export PST cmdlets in PowerShell.

For small organisations installing Outlook on the Exchange server is ok!

For large organisations it is best practice to install the Exchange management tools on a Windows 7 PC or management server with Outlook.

Monday, January 24, 2011

When installing the Exchange 2003 SP2 management tools on an Exchange 2003 SP2 mailbox server, the following error was experienced.

Setup failed while installing sub-components Exchange System Management Snap-ins with error code 0xC0070002 (please consult the installation logs for a detailed description). You may cancel the installation or try the failed setup again.

After the setup process EventID 1002 was logged from MSExchangeSetup in the Application logs.

Wednesday, January 19, 2011

I'm consulting for a large company with 2 forests (Forest A and Forest B) running 7 domains - all Exchange 2003.

I am creating a new forest, Forest C.

All users, groups, computer objects and contacts are being migrated from all domains in Forest A and Forest B into a new domain in Forest C.

My customer wanted to know if it was possible to move the users' mailboxes "into the cloud" during the migration, into a fourth forest, Forest D, hosted by an Exchange hosting provider running Exchange 2010 in "hosting mode".

Here is a copy of the response I received from Microsoft on the matter:

Hi Clint,

Thanks for your update.

So, here I would like to re-understand your concern: there are four forests A, B, C and D (D forest is installed with hosting mode Exchange 2010). You want to confirm whether it is possible to migrate user accounts, groups, computer accounts and other Active Directory objects from forest A, B to forest C while migrating mailboxes to forest D. Please let me know if there is any misunderstanding.

If my understanding is correct, I would like to let you know that it is not a recommended migration because of the following reasons:

1. If we migrate the mailbox and Active Directory account to different forests, we have to create linked mailboxes. However, Exchange 2010 which is installed in hosting mode doesn't support "resource forest". For example, based on the result of many tests, if we create a mailbox in forest D for the user in forest C, this user is not able to see others in Global Address List while others are able to see him/her in Global Address List.

2. Hosting mode Exchange server is designed for multi-tenant. It is designed for those companies and organizations which don't have Active Directory and Exchange. So if we migrate mailboxes to the forest which holds hosting mode Exchange server, I believe there will be a lot of unexpected issues and inconvenience.

For your reference, I would like to share the following article with you:

Thursday, January 13, 2011

Invoke or BeginInvoke cannot be called on a control until the window handle has been created. Weirdly enough, when I closed my Explorer window, which I used to browse to setup.exe, it stopped the error from being generated.

Then click Tools --> Content Report. Select All public folders for the scope.

Specify a location where to save the report.

When the report finishes generating you will have on your screen the total number of public folders residing on the server.

Exchange 2007/2010

Exchange 2007/2010 has native PowerShell support. Chris Schrimsher has produced a script that will automatically count the number of public folders you have in your organisation. To get a copy of his script please view the following link:

Core system database to manage the SQL Server instance. In SQL Server 2005, the Master database is the logical repository for the system objects residing in the sys schema. In SQL Server 2000 and previous editions of SQL Server, the Master database physically stored all of the system objects.

- The first database in the SQL Server startup process
- In SQL Server 2005, needs to reside in the same directory as the Resource database

Resource Database

Purpose

The Resource database is responsible for physically storing all of the SQL Server 2005 system objects. This database has been created to improve the upgrade and rollback of SQL Server system objects with the ability to overwrite only this database.

Prominent Functionality

- System object definition

Additional Information

- Introduced in SQL Server 2005 to help manage the upgrade and rollback of system objects
- Prior to SQL Server 2005 the system related data was stored in the master database
- Read-only database that is not accessible via the SQL Server 2005 tool set
- The database ID for the Resource database is 32767
- The Resource database does not have an entry in master.sys.databases

TempDB

Purpose

Temporary database to store temporary tables (#temptable or ##temptable), table variables, cursors, work tables, row versioning, create or rebuild indexes sorted in TempDB, etc. Each time the SQL Server instance is restarted all objects in this database are destroyed, so permanent objects cannot be created in this database.

Prominent Functionality

- Manage temporary objects listed in the purpose above

Additional Information

- Each time a SQL Server instance is rebooted, the TempDB database is reset to its original state

Model Database

Purpose

Template database for all user defined databases. This is the template that is used when creating a new database.

Prominent Functionality

- Objects
- Columns
- Users

Additional Information

- User defined tables, stored procedures, user defined data types, etc can be created in the Model database and will exist in all future user defined databases
- The database configurations such as the recovery model for the Model database are applied to future user defined databases

- Provides some of the configurations for the SQL Server Agent service
- For the SQL Server 2005 Express edition installations, even though the SQL Server Agent service does not exist, the instance still has the MSDB database

Distribution

Purpose

Primary data to support SQL Server replication.

Prominent Functionality

- Database responsible for the replication meta data
- Supports the data for transaction replication between the publisher and subscriber(s)

ReportServer

Purpose

Primary database for Reporting Services to store the meta data and object definitions.

pfadmin 1.3

- Available at: ftp://ftp.microsoft.com/pss/tools/Exchange%20Support%20Tools/PFAdmin/
- Used for: imports, or interactively
- Works with: Exchange 5.5, 2000, 2003
- Description: This is the original pfadmin from the Exchange 5.5 days. The most typical use is for running permissions imports that were generated with pfinfo 3.x, which are made up of SETACL command lines. You can also use it interactively to run SETACL and SETREPLICA commands. Pfadmin lets you view the current permissions and replicas using LISTACL and LISTREPLICAS respectively. However, these dumps can not be imported since they don't use SETACL or SETREPLICAS command format.

pfinfo 3.x

- Available at: ftp://ftp.microsoft.com/pss/tools/Exchange%20Support%20Tools/PFInfo/55/
- Used for: exporting permissions in pfadmin 1.3 command syntax, also reports certain properties
- Works with: Exchange 5.5
- Description: This is the original pfinfo from the Exchange 5.5 days. The most typical use is for running permissions exports, which are actually just a list of SETACL commands. These can be imported using pfadmin 1.3. Pfinfo also generates a report that includes various other properties of the folder, such as item count and folder size. The property export can not be imported. You can try running this against Exchange 2000 and 2003, but you will find that in some cases subfolders will appear as root folders in the export, because pfinfo gets the folder path from the directory object, which is not always populated in 2000 and 2003.

pfadminE2K

- Available at: ftp://ftp.microsoft.com/pss/tools/Exchange%20Support%20Tools/PFAdmin/
- Used for: imports
- Works with: Exchange 2000 RTM only
- Description: This is an updated pfadmin for Exchange 2000, but it is not widely used due to several shortcomings. First, its command and permissions syntax is completely different from pfadmin 1.3, meaning you can't import your old pfinfo exports with the new pfadminE2K. Second, with E2K Sp1 and later, most operations fail. It only works reliably with the RTM version of E2K.

pfinfoE2K

- Available at: ftp://ftp.microsoft.com/pss/tools/Exchange%20Support%20Tools/PFInfo/2000/
- Used for: exporting permissions in pfadminE2K command syntax, also reports certain properties
- Works with: Exchange 2000 RTM only
- Description: This is the updated pfinfo for Exchange 2000, which was also not widely used for similar reasons. The new permissions export format made it incompatible with any tool except pfadminE2K, and it only works reliably with E2K RTM.

PFDavAdmin

- Available at: ftp://ftp.microsoft.com/pss/tools/Exchange%20Support%20Tools/PFDavAdmin/
- Used for: exporting and importing permissions and replica lists in pfadmin 1.3 command syntax, version 2.3 and later exports properties
- Works with: Exchange 2000, 2003
- Description: PFDavAdmin accesses the information store through webDAV, thus the name, and was originally written to correct non-canonical DACLs on public folders. Its features eventually expanded to include imports and exports of permissions and replicas in pfadmin 1.3 command syntax. Version 2.3 and later can also export properties such as item count (PR_CONTENT_COUNT) and folder size (PR_MESSAGE_SIZE) into a tab-delimited file similar to the old pfinfo output (which also can not be imported, just like the old pfinfo output). In addition, it can be used to propagate single permissions and replicas down a tree of subfolders, instead of overwriting as ESM does. It has other features as well, which are discussed in the included doc.

pfmigrate

- Available at: http://www.microsoft.com/exchange/downloads/2003/default.mspx, as part of the E2K3 deployment tools
- Used for: adding and removing replicas for all folders on a server, site consolidation
- Works with: Exchange 2000, 2003
- Description: Pfmigrate is especially useful for Exchange 2003 Sp1 site consolidation, since it changes the legacy DN of a public folder, which no other utility does. Site consolidation is outside the scope of this article. However, pfmigrate can also be used to simply add replicas of all folders on one server to another server, and remove replicas of all folders from the original server.

exdeploy

- Available at: http://www.microsoft.com/exchange/downloads/2003/default.mspx, as part of the E2K3 deployment tools
- Used for: besides other things that exdeploy is used for, the /pubfoldcheck switch is of interest in regards to public folders as /pubfoldcheck runs a part of the DS/IS Consistency Adjuster that removes the unknown accounts from public folder ACLs. Those unknown accounts, if unhandled, could then get replicated to Exchange 200x servers as zombie users, thus causing problems. Exdeploy /pubfoldcheck can be scripted and run against multiple servers.

NOTE: earlier version of exdeploy help stated that /pubfoldcheck also synchronized the public folder store and the Exchange directory (which could possibly cause public folders to be rehomed). This is however incorrect and it has been fixed in the new version of help file available with the tool at the above link.

Use Jetstress 2010 to verify the performance and stability of a disk subsystem prior to putting a Microsoft Exchange Server 2003, 2007 and 2010 server into production. Jetstress helps verify disk performance by simulating Exchange disk Input/Output (I/O) load. Specifically, Jetstress simulates the Exchange database and log file loads produced by a specific number of users. You use Performance Monitor, Event Viewer, and ESEUTIL in conjunction with Jetstress to verify that your disk subsystem meets or exceeds the performance criteria you establish. After a successful completion of the Jetstress Disk Performance and Stress Tests in a non-production environment, you will have ensured that your Exchange disk subsystem is adequately sized (in terms of performance criteria you establish) for the user count and user profiles you have established. It is highly recommended that the Jetstress user read through the tool documentation before using the tool.

You should always run Jetstress on your new Exchange 2003/2007 or 2010 server before putting it into production.

The following TechNet article from Microsoft says Error Code 49 is the following:

Error code 49 (Invalid credentials)

This error code might indicate that the user's password expired while the user is still logged on the computer.

To correct invalid credentials:

1. Change the user's password.
2. Lock/unlock the workstation.
3. Check if there are any system services running as the user account.
4. Verify the password in service configuration is correct for the user account.

Monday, January 10, 2011

I have been arguing with clients for the last 2 years against purchasing expensive SANs and RAID solutions to run their Exchange 2010 infrastructure. I explain to them a mailbox server or a disk is not important. Set your infrastructure up so you can remove any server from the equation and allow users to continue to receive email!

I get IT professionals and Solution Architects looking at me like I'm an idiot when I say things like "you don't even need RAID on your cheap mailbox servers in many cases".

Before purchasing expensive storage infrastructure to run Exchange 2010 please read the following article:

Exchange Server 2010 RTM introduced archives, allowing you to archive the user's mailbox within the same Exchange mailbox database.

Exchange Server 2010 SP1 made it possible to store your archive mailboxes in a different mailbox database on the Exchange 2010 server.

With Office 365 beta, we can now enable organizations to store archive mailboxes in the cloud, while maintaining the primary mailbox on your on-premises Mailbox servers running Exchange 2010 SP1. Users can seamlessly access their primary on-premises mailbox and their archive in the cloud using Outlook 2010, Outlook 2007 and Outlook Web App (OWA).

Thursday, January 6, 2011

Is it possible for my email to get journaled more than once by a single hub transport server?

Yes it is. With Exchange 2010, it's possible to have that message journalized several times because of the way the transport expands the Distribution List. The transport will try to send the message as soon as possible, so it "chips" the DL into chunks of 1000, processes each chunk with any enabled transport agents (including the journal agent), then sends the first chunk of 1000. If you have a DL of, say, 4500 members, you'd get 5 messages in the journal. You can change the size of the "chip" to a value large enough that no DL would have more than the value of the "ExpansionSizeLimit". You have to make that change in the file edgetransport.exe.config on each HT server and then restart the transport service.

If an email passes through multiple Hub Transport servers, is it journaled more than once as it's being processed by multiple transport agents? Hub Transport servers marked as Hub Sites can cause emails to be processed by multiple Hub Transport servers along the way.

No, emails are only ever processed by one journal agent. Once an email passes through the first Hub Transport server, the Transport Agent or Journal Agent "stamps" the email as being processed by adding the X-MS-Exchange-Organization-Processed-By-Journaling x-header to the message header, so other Hub Transport servers can determine it's already journaled. This prevents the Journal Agent or Transport Agent from processing it more than once.

A big thank you to Rich Matheisen [MVP] for explaining this to me.

[EDIT]

The following comment was made by Ross Smith from Microsoft:

We don’t recommend changing the chipping size as it is a feature to help with memory management. Sure you can manipulate a knob and increase the number, but ultimately either a) there will be performance issues (undefined) or b) a message will still contain more recipients than the custom number entered. In other words, there is no guarantee a single message will always be used when generating the journal report.

Every organisation only contains one mailbox server responsible for generating the Offline Address Book. This server is known as the OAB Generation server. The OAB Generation server then distributes the OAB to Client Access Servers for distribution to Outlook clients. I explained this process on a previous blog post.

The mailbox server running OABGen also has another role, to generate group metrics. Group metrics counts the members of all groups periodically on mailbox servers, and uses Exchange File Distribution to get the group metrics files out to CAS servers. Exchange File Distribution is the same method used in OAB distribution.

The Exchange 2010 mailbox server will have a share called \\mailboxserver\GroupMetrics where your group metrics are generated. If you're not seeing that on any mailbox servers, you're not generating group metrics. When you look in that share, make sure the files in it have been changed within the past 24 hours. Restarting the Exchange Service Host will generate a fresh file; that process may take minutes or hours depending on the number of groups in your organization. Also, make sure the Exchange File Distribution service is running on Client Access servers and Mailbox servers, and that your CASes can connect to \\mailboxserver\GroupMetrics.
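The checks described above can be scripted. The following is an added example, not part of the original post; the server names MBX01, CAS01 and CAS02 are placeholders, and it is meant to be run from a Client Access server so that the share test also proves CAS-to-mailbox connectivity:

```powershell
# Added example: health check for group metrics generation and distribution.
# Server names below are placeholders; replace them with your own.
$mailboxServer = 'MBX01'
$casServers    = 'CAS01', 'CAS02'
$share         = "\\$mailboxServer\GroupMetrics"
$maxAge        = New-TimeSpan -Hours 24

# 1. Is the share there, and has anything in it changed in the past 24 hours?
if (-not (Test-Path -Path $share)) {
    Write-Warning "$share not reachable: group metrics are not being generated on $mailboxServer, or this server cannot connect to it."
}
else {
    $newest = Get-ChildItem -Path $share |
        Where-Object { -not $_.PSIsContainer } |
        Sort-Object -Property LastWriteTime -Descending |
        Select-Object -First 1

    if (-not $newest) {
        Write-Warning "$share exists but contains no files."
    }
    elseif (((Get-Date) - $newest.LastWriteTime) -gt $maxAge) {
        Write-Warning "Newest file $($newest.Name) was last written $($newest.LastWriteTime); group metrics look stale."
    }
    else {
        Write-Output "Group metrics are current (newest file: $($newest.Name), $($newest.LastWriteTime))."
    }
}

# 2. Is the Exchange File Distribution service (MSExchangeFDS) running
#    on the mailbox server and on every Client Access server?
foreach ($server in @($mailboxServer) + $casServers) {
    $svc = Get-Service -ComputerName $server -Name 'MSExchangeFDS' -ErrorAction SilentlyContinue
    if (-not $svc) {
        Write-Warning "${server}: MSExchangeFDS service not found or server unreachable."
    }
    elseif ($svc.Status -ne 'Running') {
        Write-Warning "${server}: MSExchangeFDS is $($svc.Status)."
    }
    else {
        Write-Output "${server}: MSExchangeFDS is running."
    }
}
```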

It is possible to separate the mailbox servers generating OABGen and Group Metrics. To configure a different server to generate Group Metrics, use the following command, replacing <MailboxServerName> with the name of the server:

Set-MailboxServer -Identity <MailboxServerName> -GroupMetricsGenerationEnabled $true

I do not recommend this, however, as both the OABGen and Group Metrics generation roles cannot be clustered or made highly available in any way. As a result it is best to put both these tasks on the same box so you're mentally aware of the single point of failure (SPOF).

What are Group Metrics used for?

Group metrics counts the members of all groups periodically on mailbox servers. Group metrics is used by a Mail Tip which counts the number of users you're about to send an email to.

Items in the Recoverable Items folder aren't calculated toward the user's mailbox quota. In Exchange 2010, the Recoverable Items folder has its own quota. When a user's Recoverable Items folder exceeds the warning quota for recoverable items (as specified by the RecoverableItemsWarningQuota parameter), an event is logged in the Application event log of the Mailbox server. When the folder exceeds the quota for recoverable items (as specified by the RecoverableItemsQuota parameter), users won't be able to empty the Deleted Items folder or permanently delete mailbox items. Also copy-on-write won't be able to create copies of modified items. Therefore, it's critical that you monitor the Recoverable Items quotas for mailbox users placed on litigation hold.

For mailbox databases, the default RecoverableItemsWarningQuota and RecoverableItemsQuota values are set to 20 Gb and 30 Gb respectively. These settings are usually sufficient for storing several years of mailbox data when on litigation hold. To modify these values for a mailbox database, use the Set-MailboxDatabase cmdlet. To modify them for individual mailboxes, use the Set-Mailbox cmdlet.
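One way to do the monitoring described above, as an added example that is not part of the original post. It assumes a local Exchange Management Shell session on Exchange 2010 SP1 (so sizes are objects with a ToBytes() method, not strings) and that TotalDeletedItemSize from Get-MailboxStatistics reflects the size of the Recoverable Items folder:

```powershell
# Added example: list litigation-hold mailboxes whose Recoverable Items
# folder has reached the warning quota or the hard quota.

# Return the quota that actually applies to a mailbox: the database value
# when the mailbox inherits database defaults, otherwise its own value.
function Get-EffectiveRecoverableQuota {
    param($Mailbox, [string]$Property)
    if ($Mailbox.UseDatabaseQuotaDefaults) {
        return (Get-MailboxDatabase -Identity $Mailbox.Database).$Property
    }
    return $Mailbox.$Property
}

# Compare a byte count with a quota that may be set to Unlimited.
function Test-QuotaReached {
    param([long]$UsedBytes, $Quota)
    if ($Quota.IsUnlimited) { return $false }
    return $UsedBytes -ge $Quota.Value.ToBytes()
}

$holdMailboxes = Get-Mailbox -ResultSize Unlimited |
    Where-Object { $_.LitigationHoldEnabled }

$report = foreach ($mbx in $holdMailboxes) {
    # Mailboxes that have never been logged on to return no statistics.
    $stats = Get-MailboxStatistics -Identity $mbx.Identity -WarningAction SilentlyContinue
    if (-not $stats) { continue }

    $used  = $stats.TotalDeletedItemSize.Value.ToBytes()
    $warn  = Get-EffectiveRecoverableQuota $mbx 'RecoverableItemsWarningQuota'
    $limit = Get-EffectiveRecoverableQuota $mbx 'RecoverableItemsQuota'

    if (Test-QuotaReached $used $limit)    { $status = 'QuotaReached' }
    elseif (Test-QuotaReached $used $warn) { $status = 'Warning' }
    else                                   { $status = 'OK' }

    # New-Object PSObject keeps this compatible with PowerShell 2.0.
    New-Object PSObject -Property @{
        Mailbox      = $mbx.DisplayName
        UsedMB       = [math]::Round($used / 1MB, 1)
        WarningQuota = $warn
        Quota        = $limit
        Status       = $status
    }
}

# Show only the mailboxes that need attention, largest first.
$report |
    Where-Object { $_.Status -ne 'OK' } |
    Sort-Object -Property UsedMB -Descending |
    Format-Table Mailbox, UsedMB, WarningQuota, Quota, Status -AutoSize
```

A mailbox in the QuotaReached state is the case the paragraph above warns about: users can no longer empty Deleted Items and copy-on-write stops creating copies of modified items.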

Wednesday, January 5, 2011

DAG Failover and Journaling is not an area highlighted on TechNet. If you configure journaling on a mailbox database and a failover of that mailbox database occurs what happens with the journaling? Does it still work?

The answer is Yes... Let me explain.

When a journal rule is created it is stored in Active Directory. The journal rule is replicated to all domain controllers throughout your infrastructure and applied to all Hub Transport servers in the Exchange 2010 organization.

When a mailbox database fails over from Site1 to Site2, the hub transport server in Site2 will still have the journal rules applied as it was replicated using Active Directory replication. The store driver on the hub transport servers in Site2 will pull the emails from the failed over database as it would in Site1. The journal agents on the hub transport servers in Site2 would then process the journal rules.

It doesn't matter where the mailbox database is located, it will always be journaled if the rule is configured!

Warning...

If you journal all emails coming in and out of a mailbox database, the disk I/O will be two times the typical disk I/O. It is recommended that a separate server be set up to act as a journaling server and to hold the journal recipient mailboxes. If your journal recipient mailbox is located in Site1 and the mailbox database being journaled is located in Site2 due to a DAG failover, then all journal emails will be replayed back to Site1, which can cause WAN link congestion.

You have created a journal rule which you have applied to a distribution/security group. Every email sent through this distribution/security group. However, when you add a user to this distribution group, the email they send or receive is not journaled, sometimes for up to half a day. Why is this?

Each Hub Transport server caches distribution group membership. This reduces load on your Active Directory domain controllers. By default, entries in the expanded groups cache expire in four hours.

I don't want to wait the 4 hours?

If you want group membership changes to apply immediately, so journaling takes effect right away, you must restart the Microsoft Exchange Transport service on each Hub Transport server. This will force an immediate update of the recipient cache. You must do this for each Hub Transport server where you want to forcibly update the recipient cache.